Added rights management + user edit
parent
f8161f2e7a
commit
7dfd5a041a
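--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,3 @@
+{
+"eslint.enable": false
+}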
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
@ -17,14 +17,38 @@ if($('#page-type-admin-users').length) {
|
||||
},
|
||||
methods: {
|
||||
addRightsRow: (ev) => {
|
||||
vueEditUser.rights.push({});
|
||||
vueEditUser.rights.push({
|
||||
role: 'write',
|
||||
path: '/',
|
||||
exact: false,
|
||||
deny: false
|
||||
});
|
||||
},
|
||||
removeRightsRow: (ev) => {
|
||||
|
||||
removeRightsRow: (idx) => {
|
||||
_.pullAt(vueEditUser.rights, idx)
|
||||
vueEditUser.$forceUpdate()
|
||||
},
|
||||
saveUser: (ev) => {
|
||||
|
||||
|
||||
let formattedRights = _.cloneDeep(vueEditUser.rights)
|
||||
switch(vueEditUser.roleoverride) {
|
||||
case 'admin':
|
||||
formattedRights.push({
|
||||
role: 'admin',
|
||||
path: '/',
|
||||
exact: false,
|
||||
deny: false
|
||||
})
|
||||
break;
|
||||
}
|
||||
$.post(window.location.href, {
|
||||
password: vueEditUser.password,
|
||||
name: vueEditUser.name,
|
||||
rights: JSON.stringify(formattedRights)
|
||||
}).done((resp) => {
|
||||
alerts.pushSuccess('Saved successfully', 'Changes have been applied.');
|
||||
}).fail((jqXHR, txtStatus, resp) => {
|
||||
alerts.pushError('Error', resp);
|
||||
})
|
||||
}
|
||||
},
|
||||
created: function() {
|
||||
@ -33,8 +57,6 @@ if($('#page-type-admin-users').length) {
|
||||
this.email = usrData.email;
|
||||
this.name = usrData.name;
|
||||
|
||||
console.log(_.find(usrData.rights, { role: 'admin' }));
|
||||
|
||||
if(_.find(usrData.rights, { role: 'admin' })) {
|
||||
this.rights = _.reject(usrData.rights, ['role', 'admin']);
|
||||
this.roleoverride = 'admin';
|
||||
|
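Review bot: In `saveUser`, the `.fail((jqXHR, txtStatus, resp) => …)` handler displays its third argument, which jQuery fills with the HTTP status text rather than the response body, so the `msg` the server sends with its 400 (for example the password-length error) is likely never shown to the admin. Reading the body instead would fix that: `alerts.pushError('Error', _.get(jqXHR, 'responseJSON.msg', resp));`. Separately, `removeRightsRow` pairs `_.pullAt` with `$forceUpdate()`; `vueEditUser.rights.splice(idx, 1)` goes through Vue's reactive array method and would make the forced re-render unnecessary.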
@ -4,6 +4,7 @@ var express = require('express');
|
||||
var router = express.Router();
|
||||
const Promise = require('bluebird');
|
||||
const validator = require('validator');
|
||||
const _ = require('lodash');
|
||||
|
||||
/**
|
||||
* Admin
|
||||
@ -85,6 +86,40 @@ router.get('/users/:id', (req, res) => {
|
||||
|
||||
});
|
||||
|
||||
router.post('/users/:id', (req, res) => {
|
||||
|
||||
if(!res.locals.rights.manage) {
|
||||
return res.status(401).json({ msg: 'Unauthorized' });
|
||||
}
|
||||
|
||||
if(!validator.isMongoId(req.params.id)) {
|
||||
return res.status(400).json({ msg: 'Invalid User ID' });
|
||||
}
|
||||
|
||||
return db.User.findById(req.params.id).then((usr) => {
|
||||
usr.name = _.trim(req.body.name);
|
||||
usr.rights = JSON.parse(req.body.rights);
|
||||
if(usr.provider === 'local' && req.body.password !== '********') {
|
||||
let nPwd = _.trim(req.body.password);
|
||||
if(nPwd.length < 6) {
|
||||
return Promise.reject(new Error('New Password too short!'))
|
||||
} else {
|
||||
return db.User.hashPassword(nPwd).then((pwd) => {
|
||||
usr.password = pwd;
|
||||
return usr.save();
|
||||
});
|
||||
}
|
||||
} else {
|
||||
return usr.save();
|
||||
}
|
||||
}).then(() => {
|
||||
return res.json({ msg: 'OK' });
|
||||
}).catch((err) => {
|
||||
res.status(400).json({ msg: err.message });
|
||||
})
|
||||
|
||||
});
|
||||
|
||||
router.get('/settings', (req, res) => {
|
||||
|
||||
if(!res.locals.rights.manage) {
|
||||
|
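Review bot: The new `router.post('/users/:id')` handler assigns `usr.rights = JSON.parse(req.body.rights)` with no check on shape or values, so whatever array (or non-array) the client posts becomes the stored permission set, including an `admin` entry or unexpected fields. The `admin` override is only assembled client-side in `saveUser`, so the server is the one place that can enforce which roles a caller holding `manage` may grant; whether the model schema restricts `role` is not visible here. `findById` can also resolve to `null` for a well-formed but unknown id, which currently surfaces as a TypeError message in the 400 body, and a request that omits `password` fails the `!== '********'` test and is rejected as too short. A sketch of the validation follows; the role list is built from the roles visible in this commit and needs to match the application's real set.

```javascript
  return db.User.findById(req.params.id).then((usr) => {
    if (!usr) {
      return Promise.reject(new Error('Invalid User ID'));
    }
    // Roles seen in this commit; extend to the full set the app defines.
    const allowedRoles = ['write', 'admin'];
    const rights = JSON.parse(req.body.rights);
    const wellFormed = _.isArray(rights) && _.every(rights, (r) => {
      return _.isPlainObject(r) && _.includes(allowedRoles, r.role) && _.isString(r.path);
    });
    if (!wellFormed) {
      return Promise.reject(new Error('Invalid rights'));
    }
    usr.name = _.trim(req.body.name);
    // Keep only known fields and store booleans; the admin form can submit "true"/"false" strings.
    usr.rights = _.map(rights, (r) => ({
      role: r.role,
      path: r.path,
      exact: r.exact === true || r.exact === 'true',
      deny: r.deny === true || r.deny === 'true'
    }));
    // … unchanged: password handling and usr.save() …
```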
@ -2,8 +2,8 @@
|
||||
ul
|
||||
template(v-for="aItem in children", track-by='_uid')
|
||||
li(v-bind:class='aItem.class')
|
||||
button.delete(v-on:click='acknowledge(aItem._uid)')
|
||||
h3 {{ aItem.title }}
|
||||
button(v-on:click='acknowledge(aItem._uid)')
|
||||
strong {{ aItem.title }}
|
||||
span {{ aItem.message }}
|
||||
|
||||
if appflash.length > 0
|
||||
|
@ -64,10 +64,10 @@ block adminContent
|
||||
th(style={width: '150px'}) Access
|
||||
th(style={width: '50px'})
|
||||
tbody
|
||||
tr(v-for='right in rights', v-cloak)
|
||||
tr(v-for='(right, idx) in rights', v-cloak)
|
||||
td.is-icon
|
||||
i.icon-marquee-plus.is-green(v-if='!right.deny')
|
||||
i.icon-marquee-minus.is-red(v-if='right.deny')
|
||||
i.icon-marquee-plus.is-green(v-if='right.deny === false || right.deny === "false"')
|
||||
i.icon-marquee-minus.is-red(v-if='right.deny === true || right.deny === "true"')
|
||||
td
|
||||
p.control.is-fullwidth
|
||||
select(v-model='right.role')
|
||||
@ -89,7 +89,7 @@ block adminContent
|
||||
option(value='false') Allow
|
||||
option(value='true') Deny
|
||||
td.is-centered.has-action-icons
|
||||
i.icon-delete.is-red(v-on:click='removeRightsRow(right._id)')
|
||||
i.icon-delete.is-red(v-on:click='removeRightsRow(idx)')
|
||||
tr(v-if='rights.length < 1', v-cloak)
|
||||
td.is-icon
|
||||
td.is-centered(colspan='3'): em No additional access rights
|
||||
|
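Review bot: The icon conditions in the `tr(v-for='(right, idx) in rights')` row now accept both the boolean and the string form of `right.deny`, which suggests the Allow/Deny `select` writes the strings `"true"`/`"false"` into the model (the `option(value='false')` lines in the second hunk are static attributes). Those strings are then serialised by `saveUser` and stored, and `"false"` is truthy, so any permission check that tests `right.deny` directly would read an Allow rule as Deny; the check itself is not visible in this commit. Binding real booleans keeps one representation end to end: `option(v-bind:value='false') Allow` and `option(v-bind:value='true') Deny`. A row whose `deny` is missing also renders neither icon now, where the previous `!right.deny` showed the allow icon.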